Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Setting Default Recommendation Description<br />
Maximum number<br />
of simultaneous<br />
CFC function<br />
requests<br />
Maximum number<br />
of simultaneous<br />
Report threads<br />
Maximum number<br />
of threads available<br />
for CFTHREAD<br />
Timeout requests<br />
waiting in queue<br />
after<br />
Request Queue<br />
Timeout Page<br />
15 1 if not using<br />
Remote CFC<br />
function requests,<br />
otherwise tuned.<br />
This setting applies only to CFC<br />
functions that have access=remote<br />
specified, as they are invoked using<br />
/example.cfc?method=MethodName.<br />
This applies to methods invoked via<br />
the ColdFusion AJAX proxy as well.<br />
If your applications do not make use<br />
of this feature set to 1. Otherwise<br />
use load testing to find the optimal<br />
value for this setting.<br />
1 1 Keep this value at 1 unless you are<br />
using cfreport heavily.<br />
<strong>10</strong> 1 if not using<br />
cfthread, tuned<br />
otherwise.<br />
60 seconds 5 seconds (Match<br />
Request Timeout)<br />
Blank or<br />
/CFIDE/administra<br />
tor/templates/requ<br />
est_timeout_error.<br />
cfm<br />
Set this value to 1 if you are not<br />
using cfthread. If you do use<br />
cfthread setting a value too high can<br />
lead to context switching.<br />
This setting can generally be set<br />
equivalent to the Timeout Requests<br />
After value specified in the Settings<br />
section. A lower setting here can<br />
mitigate the effectiveness of DOS<br />
attacks.<br />
Specified Specify a HTML file giving the user a<br />
message to wait and retry their<br />
request again. The message should<br />
not disclose the fact that the queue<br />
timed out.<br />
64